A Note on Automated postings of SEC ‘cyber’ Correspondence

I’ve hacked together a script that looks for new SEC correspondence regarding ‘cyber’ incidents and risk, and posts the results.

The heuristic used is amazingly simple, yet surprisingly effective:  it looks for any SEC documents of type UPLOAD (Comment Letters from the SEC to registrants) or of type CORRESP (responses to same, from registrants) which contain the keywords cyber, malicious, intrusion, or virus.
Update 11/24/2012: heuristic changed to find files containing “(( cyber OR malicious OR intrusion ) AND (virus OR breach) ) OR cyber”.  This cuts down on FPs.   I know I can take “cyber” out of the first part.  Too lazy.

These keywords were chosen because together they smoked out nearly every Comment Letter about “cyber” incidents I knew of from press reports, with few enough false positives to not drive me batty.  Adding the word “breach” smoked out the remaining letters, but exploded the false positive count.

Readers should note that this heuristic is most definitely NOT 100% accurate, and should judge for themselves whether the correspondence identified pertains to “cyber” incidents or risk.

Advertisements
This entry was posted in SEC Project, Security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s